Botnet
Definitions

A botnet (a contraction of the term "roBOT NETwork") is

Overview

A 2006 industry report indicated that nearly 12 million computers around the world were compromised by bots.[See McAfee Virtual Criminology Report: Organised Crime and the Internet (Dec. 2006).] Researchers suggest an average of about 4 million new botnet infections occur every month.[See McAfee Quarterly Threat Report 2nd Quarter 2011 (full-text).] Typically, users whose computers have been conscripted into a botnet are unaware that their computers have been compromised. Hundreds or thousands of these infected computers can operate in concert to disrupt or block Internet traffic for targeted victims, harvest information, or distribute spam, viruses, or other malicious code (collectively called "botnet code"). The attack value of a botnet arises from the sheer number of computers that an attacker can control.

Botnets are becoming a major tool for cybercrime, partly because they can be designed to disrupt targeted computer systems very effectively in different ways, and because a malicious user without strong technical skills can initiate these disruptive effects in cyberspace simply by renting botnet services from a cybercriminal. Botnets have been described as the "Swiss Army knives of the underground economy" because they are so versatile.[See Joaquim P. Menezes, "Why We're Losing the Botnet Battle," NetworkWorld (July 26, 2007), http://www.networkworld.com/news/2007/072507-why-were-losing-the-botnet.html; Robert Lemos, "Breaking the Botnet Code," Tech. Rev. (Nov. 11, 2009), http://www.technologyreview.com/computing/23924/; Gregg Keizer, "Botnets 'the Swiss Army knife of attack tools'," Computerworld (Apr. 7, 2010), http://www.computerworld.com/s/article/9174560/Botnets_the_Swiss_Army_knife_of_attack_tools_; "Netherlands Home to Many Botnet Computers," dutchdailynews.com (Jan. 14, 2011), http://www.dutchdailynews.com/botnet-computers/; "'Botnets Are the Criminals' Swiss Army Knife'," eco, Association of the German Internet Industry (June 24, 2011), http://en.eco.de/association/202_9230.htm.]

"Key components of a large bot network includes, but not limited to:
* An address book of contacts or a collection of compromised servers (to act as watering holes).
* An email or web-based delivery mechanism.
* Socially engineered content for lure activation.
* Redirection servers and domains to mask destination.
* Hosted malicious content servers and domains for exploits and malware.
* Command-and-control (C&C) servers and domains for lateral movement within a targeted network, and further penetration.
* Data exfiltration repositories."[Cybersecurity Risk Management and Best Practices (WG4): Final Report, at 407.]

How they work

Traditionally, botnets organized themselves in a hierarchical manner, with a central command and control (C&C) location (sometimes dynamic) for the botmaster. Intruders exploit security flaws in the hardware and/or software used by individual consumers, and install malicious software that connects the consumer's computer into a remotely controlled network of many computers. Once compromised, the infected computers are instructed to communicate with the command and control server and follow whatever instructions are received. By relaying commands through the C&C, the bot herder is able to remotely control a vast network of compromised computers and use those computers for a variety of nefarious purposes, including the sending of spam, the distribution of malicious software, click fraud, and denial of service attacks.[Id.; CERT Coordination Center, Botnets as a Vehicle for Online Crime, at 7-16, http://www.cert.org/archive/pdf/Botnets.pdf.] However, security experts believe that in the near future attackers may use new botnet architectures that are more sophisticated and more difficult to detect and trace.
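The hierarchical layout described above has a single point of failure, which is why seizing or sinkholing the C&C host is the usual remediation; a decentralised overlay in which the controller is just another peer does not. The following toy simulation is an added illustration written for this page (not code from the article or from any real botnet; the topologies, node ids and takedown sizes are constructed assumptions) that measures what share of bots a controller can still reach after each kind of takedown:

```python
"""Toy takedown model: a hierarchical botnet with one central C&C versus a
peer-to-peer overlay where the controller is just another node.
Hypothetical, constructed illustration, not code from the article or from any
real botnet. Nodes are ints; an edge means the two hosts relay commands."""
import random
from collections import deque

CNC = 0  # node id of the controller in both topologies


def star_topology(n_bots):
    """Hierarchical design: every bot talks only to the central C&C node."""
    adj = {CNC: set(range(1, n_bots + 1))}
    adj.update({b: {CNC} for b in range(1, n_bots + 1)})
    return adj


def p2p_topology(n_nodes, degree, seed=1):
    """Decentralised design: each node peers with `degree` random others."""
    rng = random.Random(seed)  # fixed seed keeps the example reproducible
    nodes = list(range(n_nodes))
    adj = {v: set() for v in nodes}
    for v in nodes:
        for peer in rng.sample([u for u in nodes if u != v], degree):
            adj[v].add(peer)
            adj[peer].add(v)
    return adj


def controllable_fraction(adj, controllers, removed):
    """Share of surviving bots that some surviving controller can still reach."""
    alive = set(adj) - set(removed)
    seen = {c for c in controllers if c in alive}
    queue = deque(seen)
    while queue:  # breadth-first search over the surviving overlay only
        for u in adj[queue.popleft()]:
            if u in alive and u not in seen:
                seen.add(u)
                queue.append(u)
    bots = alive - set(controllers)
    return len(seen & bots) / len(bots) if bots else 0.0


def takedown_comparison(n_bots=200):
    """Seize the star's C&C host; seize ten ordinary nodes of the P2P overlay
    (the hidden controller survives). Returns the surviving share of each."""
    star = controllable_fraction(star_topology(n_bots), {CNC}, [CNC])
    p2p = controllable_fraction(p2p_topology(n_bots + 1, 4), {CNC}, range(1, 11))
    return star, p2p
```

Seizing the one C&C host leaves the star with no controllable bots, while seizing the same number of ordinary peers barely dents the overlay; only finding the controller itself (which the model shows as removing node 0) brings the P2P case to zero.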
One class of botnet architecture that is beginning to emerge uses a peer-to-peer protocol, which, because of its decentralized control design, is expected to be more resistant to strategies for countering its disruptive effects. A well-designed peer-to-peer botnet may be nearly impossible to shut down as a whole because it may provide anonymity to the controller, who can appear as just another node in the bot network. Some botnet owners reportedly rent their huge networks for US$200 to $300 an hour, and botnets are becoming the weapon of choice for fraud and extortion.[Susan MacLean, "Report Warns of Organized Cyber Crime," ItWorldCanada (Aug. 26, 2005), http://www.itworldcanada.com/a/IT-Focus/39c78aa4-df47-4231-a083-ddd1ab8985fb.html.]

Newer methods are evolving for distributing "bot" software that may make it even more difficult in the future for law enforcement to identify and locate the originating botmaster. Some studies show that authors of botnet software are increasingly using modern, open-source software development techniques, including collaboration among multiple authors on the initial design, new releases to fix bugs in the malicious code, and software modules that make portions of the code reusable in newer versions of malware designed for different purposes. This increase in collaboration among hackers mirrors the professional code development techniques now used to create commercial software products, and is expected to make future botnets even more robust and reliable. This, in turn, is expected to increase the demand for malware services in future years.[McAfee Virtual Criminology Report: Organized Crime and the Internet (Dec. 2006), http://www.sigma.com.pl/pliki/albums/userpics/10007/Virtual_Criminology_Report_2006.pdf.]

Vulnerabilities

Computers may be vulnerable to bots for a variety of reasons, including:

Criminal conduct

The rise of botnets has been recognized as the most serious security threat facing the Internet.[See, e.g., Tim Ferguson, "Security Experts: Botnets Biggest Threat on Net," ZDNet UK (Apr. 11, 2008), http://news.zdnet.co.uk/security/0,1000000189,39384066,00.htm.] Among other harms, experts estimate that botnets are responsible for approximately 85% of spam sent worldwide.[See, e.g., Marshal8e6, Are Bots About to Bring Down Your Business? at 2, http://www.marshal8e6.com/documents/pdfs/white_papers/business/WP_BotsBringDownBusiness.pdf.] Operating a botnet is illegal, and in many cases punishable as a felony.[See 18 U.S.C. §1030.]

Once compromised, the owners of these computers are put at risk. Criminals can access personal information stored on the computer and communications made with it. Criminals can exploit this information for identity theft, privacy violations, and other crimes, as well as utilize the impacted users' computing power and Internet access. Networks of these compromised computers can be used to store and transfer illegal content, and to attack the servers of government and private entities with distributed denial-of-service attacks.

Click fraud is another potential illegal use for a botnet.[See, e.g., Stefanie Olsen, "Exposing Click Fraud," CNET News, http://news.cnet.com/Exposing-click-fraud/2100-1024_3-5273078.html.] Click fraud is a crime in many jurisdictions, including California, where it is a felony.[See Cal. Penal Code §502.]

An OECD report[Malicious Software (Malware): A Security Threat to the Internet Economy, at 23.] identified the following as typical criminal uses of a botnet:
# Locate and infect other information systems with bot programmes (and other malware). This functionality in particular allows attackers to maintain and build their supply of new bots to enable them to undertake the functions below. . . .
# Conduct distributed denial of service attacks (DDoS).
# As a service that can be bought, sold or rented out.
# Rotate IP addresses under one or more domain names for the purpose of increasing the longevity of fraudulent web sites, . . . for example host phishing and/or malware sites.
# Send spam which in turn can distribute more malware.
# Steal sensitive information from each compromised computer that belongs to the botnet.
# Hosting the malicious phishing site itself, often in conjunction with other members of the botnet to provide redundancy.
# Many botnet clients allow the attacker to run any additional code of their choosing, making the botnet client very flexible to adding new attacks.

References

Source
* Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress.

External resources
* Zheng Bu, Pedro Bueno, Rahul Kashyap, et al., "The New Era of Botnets" (McAfee 2010) (full-text).
* CERT Coordination Center, "Botnets as a Vehicle for Online Crime," at 11, 20 (full-text).
* Tim Cranton, "Cracking Down on Botnets," Microsoft on the Issues Blog (Feb. 24, 2010) (full-text).
* Jaideep Chandrashekar, Carl Livadas, Steve Orrin & Eve Schooler, "The Dark Cloud: Understanding and Defending Against Botnets and Stealthy Malware" (Aug. 4, 2009) (full-text).
* Online Trust Alliance, "Combatting Botnets Through User Notification Across the Ecosystem" (full-text).
See also
* A Road Map Toward Resilience Against Botnets
* Anti-Botnet Advisory Center
* Benign bot
* Bot
* Bot program
* Bot-herder
* Botmaster
* Botnets as a Vehicle for Online Crime
* Botnet code
* Botnet infiltration
* Botnet management
* Botnet operator
* Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
* Botnets: Measurement, Detection, Disinfection and Defence
* Butterfly botnet
* Guide on Policy and Technical Approaches Against Botnet
* Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime
* Industry Botnet Group
* ITU Botnet Mitigation Toolkit
* Malicious bot
* Malware & Botnet Initiative
* Models To Advance Voluntary Corporate Notification to Consumers Regarding the Illicit Use of Computer Equipment by Botnets and Related Malware
* Proactive Policy Measures by Internet Service Providers against Botnets
* Recommendations for the Remediation of Bots in ISP Networks
* The Fight Against the Threat from Botnets
* The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data
* Understanding Hidden Threats: Rootkits and Botnets
* U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs)
* Working Group 7 Botnet Remediation

Category:Technology Category:Computer crime Category:Internet